<?php
/**
 ***** 扶摇而上、抱守本真 ******
 * @author Dana
 * @Date 2021/6/25
 */

function authenticate() {
    header('WWW-Authenticate: Basic realm="Test Authentication System"');
    header('HTTP/1.0 401 Unauthorized');
    echo "You must enter a valid login ID and password to access this resource\n";
    exit;
}

//unset($_SERVER['PHP_AUTH_USER']);
//unset($_SERVER['PHP_AUTH_PW']);


if(!validate($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW'])){
        authenticate();
} else {
    unset($_SERVER['PHP_AUTH_PW']);
    echo "<p>Welcome: {$_SERVER['PHP_AUTH_USER']}<br />";
}

echo "<form action='/web/pwd.php' METHOD='post'>\n";
// echo "<input type='hidden' name='SeenBefore' value='1' />\n";
// echo "<input type='hidden' name='OldAuth' value='{$_SERVER['PHP_AUTH_USER']}' />\n";
echo "<input type='submit' value='Re Authenticate' />\n";
echo "</form></p>\n";

var_dump($_SERVER['PHP_SELF']);
var_dump($_SERVER['PHP_AUTH_USER']);
var_dump($_SERVER['PHP_AUTH_PW']);


function validate($user,$pass){
    $users = [
        'david'=>'123456',
        'adam'=>'123456'
    ];

    if(isset($users[$user]) && $users[$user] === $pass){
        return true;
    }else{
        return false;
    }
}